Pat Barron on 10 Jul 2013 22:30:28 -0700



Re: [PLUG] https Certificates Question


FWIW, StartSSL is accepted as a recognized CA in all the major browsers.  But, their terms for free certs prohibit using them in any sort of for-profit business.  How they'd enforce that, who knows...  But, that's what they want you to agree to, to get a free cert.

I just run my own CA (in my case, using XCA, which is actually a nice tool).  But if the cert is going to be relied on by people other than yourself and your (knowledgeable) friends, probably not the best plan.

--Pat.

Sent from my HTC One™ S on T-Mobile. America's First Nationwide 4G Network.


----- Reply message -----
From: "Lee H. Marzke" <lee@marzke.net>
To: <jonathan@jdsnetwork.com>, "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: [PLUG] https Certificates Question
Date: Wed, Jul 10, 2013 11:38 AM


Firefox 21.0 on Ubuntu 12.04 64 bit accepts it.


----- Original Message -----
> From: "Jonathan Simpson" <jonathan@jdsnetwork.com>
> To: plug@lists.phillylinux.org
> Sent: Wednesday, July 10, 2013 11:26:17 AM
> Subject: Re: [PLUG] https Certificates Question
>
> There's a free startssl cert on https://talks.fosscon.org if
> you'd like to check if your browser(s) accept it.
>
> On 7/10/2013 11:14 AM, Lee H. Marzke wrote:
> > I don't think the free certs are recognized widely by
> > browsers.
> >
> > I'm using rapidSSL sold through zoneedit,  $24/yr for
> > single host and
> > $125/yr for wildcard.    They claim  %99.9  browsers
> > accept them.
> >
> > I don't use them for e-commerce,  but things like my
> > secure/large file
> > transfer appliance  ( file drop  server )
> >
> > The rapidSSL cert through the main site is $49/yr ,  don't
> > understand that
> > I guess zoneedit is selling wholesale to their clients.
> >
> > Lee
> >
> >
> >
> > ------------------------------------------------------------
> >
> >     *From: *"Sam Gleske" <sam.mxracer@gmail.com>
> >     *To: *"Philadelphia Linux User's Group Discussion
> >     List" <plug@lists.phillylinux.org>
> >     *Sent: *Wednesday, July 10, 2013 10:11:57 AM
> >     *Subject: *Re: [PLUG] https Certificates Question
> >
> >     On Wed, Jul 10, 2013 at 7:35 AM, Mail List
> >     <maillist@nerdworld.org
> >     <mailto:maillist@nerdworld.org>> wrote:
> >
> >         I need to set up one of my apache web servers as a
> >         secure server with
> >         https protocol.
> >
> >         I'm wondering about the costs and potential
> >         pitfalls in doing so.
> >
> >         A quick web search has found that commercial
> >         certificates from the "big
> >         guys" are around $250/year.  However, I see that
> >         CAcert offers
> >         certificates
> >         for free.
> >
> >         Can anyone point me to a good primer/reference for
> >         this, or let me know
> >         how you fared establishing a secure web server?
> >
> >
> >     Hi Casey,
> >     Allow me to clarify what you intend.  Are you planning
> >     on making your web server public for people not
> >     affiliated with you or your company to use?  Or is
> >     this web server planned for internal/personal use?
> >
> >     If you're trying to run a shopping cart for people to
> >     interact with your business and your customers are
> >     random people on the internet then you should
> >     definitely get a signed certificate from a well known
> >     and accepted authority (there are a number of them).
> >     If this is meant for your own internal use then I
> >     suggest running your own personal certificate
> >     authority and trusting your certificate authority
> >     certificate in all the devices that need to connect to
> >     your servers (phones, web browsers, etc).
> >
> >     You can manage your own personal CA using the openssl
> >     tools pretty easily.
> >
> >     CA management from Linux,
> >     http://www.g-loaded.eu/2005/11/10/be-your-own-ca/
> >
> >     CA management from Windows,
> >     http://sourceforge.net/projects/xca/
> >
> >     You can have a trusted model with your own
> >     "self-signed" certificates by running a certificate
> >     authority.  This is not recommended if the public
> >     needs to access your server because they won't have
> >     your CA trusted.
> >
> >     SAM
> >
> >     ___________________________________________________________________________
> >     Philadelphia Linux Users Group         --
> >      http://www.phillylinux.org
> >     Announcements -
> >     http://lists.phillylinux.org/mailman/listinfo/plug-announce
> >     General Discussion  --
> >     http://lists.phillylinux.org/mailman/listinfo/plug
> >
> >
> >
> >
> > --
> > "Between subtle shading and the absence of light lies the
> > nuance of iqlusion..."  - Kryptos
> >
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
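
The private-CA route discussed in this thread, as an added example (not code from any poster): a root CA signs a server certificate with `openssl`, and the result verifies only for a client that has been given the root. The CA name, the hostname `files.example.internal` and all file names are constructed for illustration.

```shell
#!/bin/sh
# Added example. All names (Example Home Root CA, files.example.internal) are constructed.
set -eu
umask 077                       # private keys must not be world-readable
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

cat > "$WORK/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[dn]
CN = Example Home Root CA
[v3_ca]
basicConstraints     = critical,CA:TRUE
keyUsage             = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_srv]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName   = DNS:files.example.internal
EOF

make_pki() {
  # 1. Self-signed root. ca.crt is what each client imports; ca.key stays offline.
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$WORK/pki.cnf" -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
  # 2. Server key and CSR (subject overridden on the command line).
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/pki.cnf" \
    -subj "/CN=files.example.internal" \
    -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
  # 3. Root signs the CSR; the SAN is what clients match the hostname against.
  openssl x509 -req -in "$WORK/srv.csr" -sha256 -days 365 \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/pki.cnf" -extensions v3_srv -out "$WORK/srv.crt" 2>/dev/null
}

# verify_server HOST [openssl verify args]: true only if chain and hostname both check out.
verify_server() {
  host=$1; shift
  openssl verify "$@" -verify_hostname "$host" "$WORK/srv.crt" 2>&1 | grep -q ': OK$'
}

make_pki
verify_server files.example.internal -CAfile "$WORK/ca.crt" && echo "client that imported ca.crt: accepted"
verify_server files.example.internal || echo "client with only the stock trust store: rejected"
verify_server other.example.internal -CAfile "$WORK/ca.crt" || echo "wrong hostname: rejected"
```

Anyone holding `ca.key` can issue certificates that every device trusting `ca.crt` will accept, so the key is the asset to protect.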